{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2026/cve-2026-40020-els_os-rhel7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-22T16:07:02Z",
      "generator": {
        "date": "2026-05-22T16:07:02Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2026-40020-ELS_OS-RHEL7ELS",
      "initial_release_date": "2026-05-12T14:17:00Z",
      "revision_history": [
        {
          "date": "2026-05-12T14:17:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-22T16:07:02Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2026-40020"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux 7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "Red-Hat-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dovecot-1:2.2.36-8.el7.i686",
                "product": {
                  "name": "dovecot-1:2.2.36-8.el7.i686",
                  "product_id": "dovecot-1:2.2.36-8.el7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot@2.2.36-8.el7?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-devel-1:2.2.36-8.el7.i686",
                "product": {
                  "name": "dovecot-devel-1:2.2.36-8.el7.i686",
                  "product_id": "dovecot-devel-1:2.2.36-8.el7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot-devel@2.2.36-8.el7?arch=i686&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dovecot-1:2.2.36-8.el7.x86_64",
                "product": {
                  "name": "dovecot-1:2.2.36-8.el7.x86_64",
                  "product_id": "dovecot-1:2.2.36-8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot@2.2.36-8.el7?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-devel-1:2.2.36-8.el7.x86_64",
                "product": {
                  "name": "dovecot-devel-1:2.2.36-8.el7.x86_64",
                  "product_id": "dovecot-devel-1:2.2.36-8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot-devel@2.2.36-8.el7?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64",
                "product": {
                  "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64",
                  "product_id": "dovecot-mysql-1:2.2.36-8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot-mysql@2.2.36-8.el7?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64",
                "product": {
                  "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64",
                  "product_id": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot-pigeonhole@2.2.36-8.el7?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64",
                "product": {
                  "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64",
                  "product_id": "dovecot-pgsql-1:2.2.36-8.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/dovecot-pgsql@2.2.36-8.el7?arch=x86_64&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
                "product": {
                  "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
                  "product_id": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot@2.2.36-8.el7.tuxcare.els1?arch=i686&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
                "product": {
                  "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
                  "product_id": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot-devel@2.2.36-8.el7.tuxcare.els1?arch=i686&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_id": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_id": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot-devel@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_id": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot-mysql@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_id": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot-pigeonhole@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                "product": {
                  "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_id": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/dovecot-pgsql@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686"
        },
        "product_reference": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-1:2.2.36-8.el7.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686"
        },
        "product_reference": "dovecot-1:2.2.36-8.el7.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64"
        },
        "product_reference": "dovecot-1:2.2.36-8.el7.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686"
        },
        "product_reference": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-devel-1:2.2.36-8.el7.i686 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686"
        },
        "product_reference": "dovecot-devel-1:2.2.36-8.el7.i686",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-devel-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64"
        },
        "product_reference": "dovecot-devel-1:2.2.36-8.el7.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64"
        },
        "product_reference": "dovecot-mysql-1:2.2.36-8.el7.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64"
        },
        "product_reference": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64"
        },
        "product_reference": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7",
          "product_id": "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64"
        },
        "product_reference": "dovecot-pgsql-1:2.2.36-8.el7.x86_64",
        "relates_to_product_reference": "Red-Hat-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40020",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "description",
          "text": "An attacker can use the IMAP SETACL command to inject the “anyone” permission into a user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users; no unexpected access is gained. Install a fixed version. No publicly available exploits are known.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686",
          "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
          "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
          "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64",
          "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686",
          "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
          "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
          "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64",
          "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
          "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64",
          "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
          "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64",
          "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
          "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-40020"
        },
        {
          "category": "external",
          "summary": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json",
          "url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json"
        }
      ],
      "release_date": "2026-05-12T14:17:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-05-19T17:38:24.594126Z",
          "details": "Exploitation requires an already-authenticated IMAP user and the IMAP ACL/SETACL functionality to be enabled, and it only allows inserting the “anyone” identifier into that user’s own dovecot-acl file—creating nuisance shared folders without granting access to others’ data or altering message integrity. With no confidentiality or integrity impact, no privilege escalation, and effects limited to minor availability/user-experience noise on the mail server, the real-world risk to managed enterprise VM/server deployments is low. Given the absence of known public exploits and the dependency on a specific ACL setup, this CVE can be safely deprioritized behind vulnerabilities that enable data exposure or code execution.",
          "product_ids": [
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64",
            "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64",
            "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}